1. 首頁
  2. 問答
  3. Nginx代理服務器SSL請求超過5秒的https請求中的破管

Nginx代理服務器SSL請求超過5秒的https請求中的破管

2012-11-06 36 views
2

我們讓nginx作爲反向代理坐在獨角獸的Rails應用前面。Nginx代理服務器SSL請求超過5秒的https請求中的破管

我們沒有覆蓋任何超時默認值。

我的問題是:

請求一個頁面,通過HTTP花費超過5秒。當它工作正常。

當請求一個超過httpS超過5秒的特定頁面時,我得到一個324(服務器的空響應) 在系統上請求任何其他頁面時,它只能通過https工作。

我可以確認這是一個計時問題,因爲我剝離了模板,並將睡眠模式設置爲6,以使模板等待呈現空白。

該請求有幾個subrequests js和css,這些單獨調用時工作正常。

nginx錯誤日誌在出現問題url時顯示套接字讀取錯誤。

當HTTP做模板渲染和子請求,

當在HTTPS失敗的URL,它發送請求上游兩次但死在那裏,不發送子請求。 (導軌應用聲稱它呈現它確定)

奇怪的是,它發送的原始請求兩次至上游, 然後死,

日誌和配置文件如下,

NGINX錯誤日誌(僅在HTTPS上讀取需要很長時間渲染的特定網址時):

2012/11/06 15:05:00 [info] 5717#0:* 4012 SSL_write()failed(SSL :) (32:斷管),同時讀取上游,客戶:10.2.20.98,ser ver:cloud.zia4buildings.com,請求:「GET/admin/datasets HTTP/1.1」,上游:「http://127.0.0.1:3000/admin/datasets」,主機:「cloud.zia4buildings.com」,引用者:「https://cloud.zia4buildings.com/admin/sage_categories」

2012/11/06 15:05:03 [info] 5717#0:* 4027 SSL_write()失敗(SSL :)(32:當讀取上游時,客戶端:10.2.20.98,服務器:cloud.zia4buildings.com,請求:「GET/admin/datasets HTTP/1.1」,上游:「http://127.0.0.1:3000/admin/datasets 」主機 「cloud.zia4buildings.com」,引薦: 「https://cloud.zia4buildings.com/admin/sage_categories」

[編輯] 問題是超時在https代理通, if我在任何頁面(甚至是一個超輕的頁面)中投入6秒睡眠,然後https請求失敗。

**APPLICATION LOGS:** 
(my comments in (-- --) 
**HTTP:** 

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:19:40 -0700 
    Processing by Admin::DatasetsController#index as HTML 
(-- lots of these ok --) 
Rendered admin/datasets/_dataset.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (5.4ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered layouts/_admin_links.html.erb (4.1ms) 
Rendered admin/datasets/index.html.erb within layouts/admin (5694.0ms) 
Completed 200 OK in 5704ms (Views: 5171.9ms | ActiveRecord: 531.4ms) 


Started GET "/stylesheets/dyn_stylesheets/dynamic.css" for 127.0.0.1 at 2012-11-06 09:15:31 -0700 
    Processing by DynStylesheetsController#index as CSS 
    Parameters: {"id"=>"dynamic"} 
Exist fragment? views/rating_system_css_colors (1.4ms) 
Read fragment views/rating_system_css_colors (0.1ms) 
Exist fragment? views/leed_category_css_colors (0.4ms) 
Read fragment views/leed_category_css_colors (0.0ms) 
Exist fragment? views/sage_category_css_colors (0.3ms) 
Read fragment views/sage_category_css_colors (0.0ms) 
Exist fragment? views/node_css_colors (3.3ms) 
Read fragment views/node_css_colors (0.0ms) 
Rendered dyn_stylesheets/dynamic.css.erb (9.8ms) 
Completed 200 OK in 17ms (Views: 12.1ms | ActiveRecord: 4.0ms) 
(-- EOF HTTP success request --) 



**HTTPS:** 

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:20:44 -0700 
    Processing by Admin::DatasetsController#index as HTML 
Rendered admin/datasets/_set_field.html.erb (15.8ms) 
(-- lots of these ok --) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered layouts/_admin_links.html.erb (3.0ms) 
Rendered admin/datasets/index.html.erb within layouts/admin (5973.3ms) 
Completed 200 OK in 5982ms (Views: 5419.4ms | ActiveRecord: 561.5ms) 

(-- (here starts a second, identical request without no apparent reason) --) 

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:20:47 -0700 
    Processing by Admin::DatasetsController#index as HTML 
Rendered admin/datasets/_set_field.html.erb (15.9ms) 
Rendered admin/datasets/_set_field.html.erb (0.5ms) 
(-- lots of these ok --) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered layouts/_admin_links.html.erb (4.1ms) 
Rendered admin/datasets/index.html.erb within layouts/admin (5944.9ms) 
Completed 200 OK in 5955ms (Views: 5419.8ms | ActiveRecord: 549.8ms) 

(-- here the browser gets the error 324, empty response --)

CONF:

這是典型的配置:

upstream unicorn_server { 
    # this socket is set up on the config/unicorn.rb file 
    server unix:/home/sage/apps/sage/production/shared/.unicorn.sock; 
} 

server { 
    listen  80; 

    root /home/sage/apps/sage/production/current/public; 

    location/{ 
    proxy_set_header X-Forwarded-For $scheme; 
    proxy_set_header Host $http_host; 
    proxy_redirect off; 

    if (!-f $request_filename) { 
     proxy_pass http://unicorn_server; 
     break; 
    } 
    } 

} 

server { 
    listen  localhost:443; 
    listen  10.2.20.84:443; 

    ssl     on; 
    ssl_certificate  /etc/ssl/certs/cert.chained.crt; 
    ssl_certificate_key /etc/ssl/certs/cert.com.key; 

    root /home/sage/apps/sage/production/current/public; 

    location/{ 
    proxy_set_header X-Forwarded-For $scheme; 
    proxy_set_header X-Forwarded-Proto https; 
    proxy_set_header Host $http_host; 
    proxy_redirect off; 

    if (!-f $request_filename) { 
     proxy_pass http://unicorn_server; 
     break; 
    } 
    } 
}

在正確的方向指針的任何大加讚賞,

謝謝!

來源

2012-11-06 user1419422

回答

0

沒關係,

罪魁禍首是HAProxy的正趴在我們的防火牆整個堆棧的前面。 因此發送這些超時,

來源

2012-11-06 23:27:16 user1419422

相關問題

 相關問題